Audit .NET/.NET Core Apps with Audit.NET and AWS QLDB

Get an introduction to monitoring .NET and .NET Core applications with the auditing framework Audit.NET and AWS Quantum Ledger Database (QLDB).

In this week we have a guest post from Adrian Iftode. The post will introduce you to the auditing framework Audit.NET and how to create audit trails of .NET/.NET Core applications using AWS QLDB.

Every team has at some point had to justify how something ended up the way it did. The customer asks how the system got into a specific state. Why did some users have access to a sensitive module when they did not have the right policy? Why was the contract paid when a cancellation had been registered earlier? Why does an order appear as delivered when the end client never received a notification? The customer wants to know why. Is it a bug, an operations issue, or misuse of the system? As the team investigates, it turns out there is no regression. The contract was indeed canceled, but reopened at the client's request. The users did have the right policy at the moment they accessed the protected module; it was changed later to one that denies access. The end client was notified about the delivery, but the phone number on file was wrong at the time of the notification and was corrected afterwards. The team can feel that the customer is not convinced, and wishes there were a better way to prove the correctness of both the logs and the system at any point in time.

AWS QLDB (AWS Quantum Ledger Database)

How do you build digital trust? If you have ever downloaded a software utility, you might have noticed that the hosting website also publishes a string you can check against once the download finishes. That string is produced by a hash function: a mathematical function that maps an input of any size (here, the file itself) to a fixed-size digest. For a cryptographic hash such as SHA-256, changing even a single bit of the input yields a completely different digest, and it is computationally infeasible to craft a different input with the same digest. Once the file is downloaded, the next step is to apply the same hash function to it and compare the output with the value published by the website. If they match, the file is trusted because the website is trusted; the website acts as a central authority. Note what this does and does not prove: the check establishes integrity relative to whoever published the digest, so if the digest is served by the same compromised site, the file and the digest can be replaced together. That is why projects also sign their releases, and why the digest should be obtained over a separate, authenticated channel.

In our case there is more to solve. We not only need to keep the history of every state change (contract, order, access policies), but also need to prove that the recorded state changes requested by the application services were not tampered with afterwards. If the details of a database transaction can be wrapped in a document, that document can be the input of a hash function, and we could store the documents together with their hashes. Most databases follow the WAL (Write-Ahead Logging) protocol: no data is written to the database files before the transaction details are written to the log. But the log is just another file that the same privileged party can edit, and whoever can alter a document can also recompute and replace its hash. Storing only the documents and their hashes therefore does not solve the problem; the hashes need to be chained. Each new entry's hash is computed over the new transaction's document together with the hash of the previous entry, so it transitively commits to every earlier transaction: altering any past record changes every hash after it, which is detectable as long as the latest hash (the digest) is also held somewhere the writer cannot quietly rewrite. For large chains, such as those produced by an OLTP database, an efficient way is needed to prove that a given transaction is part of the chain. A Merkle tree provides that: instead of rehashing every previous transaction, a verifier only needs the sibling hashes along the path from the transaction's leaf to the root, O(log n) hashes rather than n. This structure can be maintained either by a central authority or by several mutually distrusting parties, which is what a distributed blockchain is. For our use case a single authority is good enough, and AWS provides one as the QLDB service. (AWS has since announced end of support for QLDB on July 31, 2025; the hash-chain and Merkle-proof design described here does not depend on the service.)
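The download check, the hash chain and the Merkle inclusion proof described above, as an added example written for this edit; it is not code from the post, from Audit.NET or from QLDB. It assumes .NET 6 or later (for `SHA256.HashData`, `Convert.ToHexString` and `Convert.FromHexString`); the audit documents it hashes are constructed inline, and the class and method names (`LedgerDemo`, `BuildChain`, `InclusionProof`, and so on) are this example's own.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the post): download verification, a hash chain over
// constructed audit documents, and a Merkle inclusion proof over that chain.
// Requires .NET 6+ (SHA256.HashData, Convert.ToHexString/FromHexString).
public static class LedgerDemo
{
    static byte[] Sha256(byte[] data) => SHA256.HashData(data);
    static string Hex(byte[] b) => Convert.ToHexString(b).ToLowerInvariant();

    // Download check: compare the file's digest with the published one in constant time.
    public static bool VerifyDownload(byte[] fileBytes, string publishedHex) =>
        CryptographicOperations.FixedTimeEquals(Sha256(fileBytes), Convert.FromHexString(publishedHex));

    // Hash chain: entry i commits to entry i-1's hash and to document i.
    public static List<byte[]> BuildChain(IEnumerable<string> documents)
    {
        var chain = new List<byte[]>();
        var prev = new byte[32];                                   // genesis hash: 32 zero bytes
        foreach (var doc in documents)
        {
            var h = Sha256(prev.Concat(Encoding.UTF8.GetBytes(doc)).ToArray());
            chain.Add(h);
            prev = h;
        }
        return chain;
    }

    static byte[] Parent(byte[] left, byte[] right) => Sha256(left.Concat(right).ToArray());

    // Merkle tree levels: levels[0] are the leaves, the last level holds the root.
    // An odd node count pairs the last node with itself so every node has a sibling.
    public static List<List<byte[]>> BuildTree(List<byte[]> leaves)
    {
        if (leaves.Count == 0) throw new ArgumentException("need at least one leaf");
        var levels = new List<List<byte[]>> { leaves };
        var current = leaves;
        while (current.Count > 1)
        {
            var next = new List<byte[]>();
            for (int i = 0; i < current.Count; i += 2)
            {
                var right = i + 1 < current.Count ? current[i + 1] : current[i];
                next.Add(Parent(current[i], right));
            }
            levels.Add(next);
            current = next;
        }
        return levels;
    }

    public static byte[] Root(List<List<byte[]>> levels) => levels[^1][0];

    // Inclusion proof: the sibling hash at each level on the path to the root,
    // tagged with whether that sibling sits to the left of our node.
    public static List<(byte[] Hash, bool IsLeft)> InclusionProof(List<List<byte[]>> levels, int index)
    {
        var proof = new List<(byte[] Hash, bool IsLeft)>();
        for (int lvl = 0; lvl < levels.Count - 1; lvl++)
        {
            var nodes = levels[lvl];
            int sibling = index % 2 == 0 ? index + 1 : index - 1;
            if (sibling >= nodes.Count) sibling = index;           // odd tail: paired with itself
            proof.Add((nodes[sibling], sibling < index));
            index /= 2;
        }
        return proof;
    }

    // The verifier needs only the leaf, log2(n) sibling hashes and the published root.
    public static bool VerifyProof(byte[] leaf, List<(byte[] Hash, bool IsLeft)> proof, byte[] root)
    {
        var h = leaf;
        foreach (var (sib, isLeft) in proof)
            h = isLeft ? Parent(sib, h) : Parent(h, sib);
        return CryptographicOperations.FixedTimeEquals(h, root);
    }

    public static void Main()
    {
        // Constructed audit documents (not real data); in practice these are the
        // serialized transaction details the text describes.
        var docs = new List<string>
        {
            "{\"tx\":1,\"contract\":42,\"op\":\"create\",\"by\":\"alice\"}",
            "{\"tx\":2,\"contract\":42,\"op\":\"cancel\",\"by\":\"alice\"}",
            "{\"tx\":3,\"contract\":42,\"op\":\"reopen\",\"by\":\"bob\"}",
            "{\"tx\":4,\"contract\":42,\"op\":\"pay\",\"by\":\"alice\"}",
            "{\"tx\":5,\"contract\":42,\"op\":\"close\",\"by\":\"bob\"}",
        };

        var chain = BuildChain(docs);
        var tree = BuildTree(chain);
        var root = Root(tree);                                     // the "digest" to publish or keep elsewhere
        Console.WriteLine($"root: {Hex(root)}");

        var proof = InclusionProof(tree, 1);                       // prove tx 2 is in the ledger
        Console.WriteLine($"tx 2 included: {VerifyProof(chain[1], proof, root)} (proof size {proof.Count})");

        // Rewriting the cancellation changes its entry and every entry after it.
        docs[1] = docs[1].Replace("cancel", "pay");
        var tampered = BuildChain(docs);
        Console.WriteLine($"tampered tx 2 included: {VerifyProof(tampered[1], proof, root)}");
        Console.WriteLine($"entries that changed: {tampered.Count(h => !chain.Any(c => c.SequenceEqual(h)))} of {chain.Count}");
    }
}
```

The proof for five entries is three hashes, and it stays logarithmic as the chain grows; note that verification is only meaningful if the verifier obtained `root` from somewhere the writer of the chain cannot silently update, which is the role QLDB's digest plays in the post's design.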

Audit Trails - a specialized form of logging

An audit trail is a specialized form of logging: given a system state, we need to know which actions were taken in order to reconstruct how and why the system got into that state. Building systems with audit capabilities is often a functional requirement.

To answer how and why a contract was canceled, every system component that takes part in the business operation must first audit the actions it performs, so that the audit trail can be queried later. As a request flows through the system, new information is added to the audit event: the component name, the identity or user name on whose behalf the request executes, the data before it was altered and after the modification, timestamps, machine names, a common identifier that correlates the request across the components, and any other information needed to match the request against other systems. For some businesses this record is vital, so it is often considered part of the transaction: canceling a contract counts as successful only if a record also lands in the audit trail.

One could rely on the ILogger interfaces to implement this requirement, but there are a few problems: logging can easily be turned off through log levels and filters; a failed write does not fail the operation being logged, so the cancellation would succeed without its audit record; and ILogger has no primitives specialized for audit logging, such as capturing the state before and after a change.

This is where Audit.NET shines: it provides two simple primitives specialized for audit logging, AuditScope and AuditScopeFactory.
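How the contract cancellation from the previous section can be wrapped in an audit scope so that the business change and its audit record succeed or fail together, as an added example written for this edit rather than code from the post. It uses Audit.NET's public API as documented by the project (`AuditScope.Create`, `AuditDataProvider`, `Configuration.Setup().UseCustomProvider(...)`, `EventCreationPolicy.InsertOnEnd`, `AuditEvent.ToJson()`); `Contract`, `ContractService` and `HashChainDataProvider` are this example's own names, and the in-memory hash-chain provider is a stand-in for the QLDB integration, not Audit.NET's own QLDB provider. It assumes the Audit.NET NuGet package and .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using Audit.Core;

// Added example (not from the post). Assumes the Audit.NET NuGet package and .NET 6+.
public class Contract
{
    public int Id { get; set; }
    public string Status { get; set; } = "Active";
    public string CancelledBy { get; set; } = "";
}

// Hypothetical data provider: appends every audit event to an in-memory hash chain,
// standing in for the QLDB-backed provider. A failure here throws out of the scope.
public class HashChainDataProvider : AuditDataProvider
{
    private static readonly string Genesis = new string('0', 64);
    private string _prevHash = Genesis;

    public List<(string Json, string Hash)> Entries { get; } = new();

    private static string Link(string prevHash, string json) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(prevHash + json))).ToLowerInvariant();

    public override object InsertEvent(AuditEvent auditEvent)
    {
        // The event already carries machine name, user name, start/end dates,
        // the target's Old/New state and the custom fields set on the scope.
        var json = auditEvent.ToJson();
        var hash = Link(_prevHash, json);
        Entries.Add((json, hash));
        _prevHash = hash;
        return Entries.Count - 1;                   // event id: position in the chain
    }

    public override void ReplaceEvent(object eventId, AuditEvent auditEvent) =>
        throw new InvalidOperationException("audit chain is append-only; configure EventCreationPolicy.InsertOnEnd");

    // Recompute every link; an edited entry breaks the chain from that point on.
    public bool VerifyChain()
    {
        var prev = Genesis;
        foreach (var (json, hash) in Entries)
        {
            if (Link(prev, json) != hash) return false;
            prev = hash;
        }
        return true;
    }
}

public class ContractService
{
    public void Cancel(Contract contract, string correlationId, string reason)
    {
        // The target getter runs when the scope starts (Old) and when it ends (New),
        // so the event records the state before and after the change.
        using (var scope = AuditScope.Create("Contract:Cancel", () => contract,
                   new { Component = nameof(ContractService), CorrelationId = correlationId }))
        {
            scope.SetCustomField("Reason", reason);
            contract.Status = "Cancelled";
            contract.CancelledBy = Environment.UserName;
        }
        // With InsertOnEnd the event is written when the scope is disposed, right here.
        // If the provider throws, the exception leaves Cancel() and the caller's database
        // transaction should roll back: no audit record, no cancellation.
    }
}

public static class Program
{
    public static void Main()
    {
        var provider = new HashChainDataProvider();
        Audit.Core.Configuration.Setup()
            .UseCustomProvider(provider)
            .WithCreationPolicy(EventCreationPolicy.InsertOnEnd);

        var service = new ContractService();
        service.Cancel(new Contract { Id = 42 }, Guid.NewGuid().ToString(), "client request");
        service.Cancel(new Contract { Id = 43 }, Guid.NewGuid().ToString(), "non-payment");

        Console.WriteLine(provider.Entries[0].Json);
        Console.WriteLine($"chain intact: {provider.VerifyChain()}");

        // Simulate a privileged edit of the first record: the chain no longer verifies.
        var (json, hash) = provider.Entries[0];
        provider.Entries[0] = (json.Replace("client request", "fraud"), hash);
        Console.WriteLine($"chain intact after edit: {provider.VerifyChain()}");
    }
}
```

The first printed event shows what a single AuditScope captures without extra code: event type, environment (machine, user, culture), start and end time, duration, the target with its old and new state, and the custom fields. The chain check at the end is the local equivalent of asking the ledger to verify a document against its digest; in the QLDB-backed version the provider would insert the event into a ledger table and the periodic verification would use the ledger's digest rather than a hash kept in process memory.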
